1. GENERAL

Introduction and Applicability
  • LUXLOOMS LIFESTYLE, a company incorporated under the laws of India, managing and operating rajasvisilks.com under the brand name Rajasvi Silks (collectively referred to as the “Website”), offers to sell sarees and related clothing products and/or services. For the purpose of the DPDP Act, 2023, LUXLOOMS LIFESTYLE acts as the Data Fiduciary and you, the user, are the Data Principal.
  • This privacy policy (“Privacy Policy”), together with the Terms and Conditions (accessible via a link on the Website), governs your use of the Website and outlines our policies on the collection, use, disclosure, processing, transfer, and storage of the information you provide to us.
  • By using, browsing, accessing, or purchasing sarees and clothing from the Website, you agree to be bound by this Privacy Policy and consent to the collection, storage, possession, dealing, handling, sharing, disclosure, or transfer of your information according to its terms.
  • This document is an electronic record and is governed by the provisions of the Information Technology Act, 2000, and the rules and amended provisions thereunder, as applicable, as well as the Digital Personal Data Protection Act, 2023, and the DPDP Rules, 2025.
1.2. Consent Notice and Withdrawal (DPDP Requirement)
  • Your consent for processing personal data must be free, specific, informed, unconditional, and unambiguous with a clear affirmative action.
  • At the time of collecting your personal data, we will provide you with a Consent Notice which will be presented independently and in clear, plain language. This notice will include: * An itemized list of the personal data collected. * The specified purpose(s) for which the data is processed (e.g., order fulfilment, personalized recommendations). * A description of the goods or services enabled by the processing (e.g., purchasing sarees).
  • Right to Withdraw Consent: You, the Data Principal, have the right to withdraw your consent at any time. The mechanism for withdrawal of consent will be as easy as the mechanism for giving consent.
  • If you withdraw your consent, we must cease processing your personal data unless retention is necessary for compliance with any law. If withdrawal affects our ability to provide services (e.g., we can't process an order without your address), we will notify you and may no longer be able to provide the service.

2. PERSONAL DATA WE COLLECT 

2.1. Definition and Scope
  • Personal Data refers to data that can directly or indirectly identify you. This includes data collected in digital form or data collected offline and subsequently converted into digital form.
  • We are obligated to ensure the personal data processed is complete, accurate, and consistent, especially when used for decision-making or disclosure to another Data Fiduciary.
2.2. Categories of Personal Data
  • Personal Information (for service provision): When you register an account, place an order, or interact with our website, we may collect personal information such as your name, shipping address, email address, phone number, and payment details.
  • Sensitive Personal Data: This includes financial details such as bank account, credit card, debit card, or other payment instrument information. We apply reasonable security safeguards to protect this data.
2.3. Non-Personal Information and Cookies
  • We collect non-personal information such as your IP address, browser type, operating system, and browsing behaviour. This helps us analyse trends and improve our services.
  • We utilize 'Cookies' and similar technologies to store preferences and track browsing behaviour. By accessing the Website, you acknowledge and authorize the placement of cookies on your web browser.
2.4. Data Minimization and Purpose Limitation
  • The personal data collected shall be limited to only such data as is necessary for the specified purpose communicated in the Consent Notice.
  • Personal data is processed only for a lawful purpose (either based on consent or a 'legitimate use' as defined under the DPDP Act).

3. HOW WE USE YOUR INFORMATION (Purpose Limitation)

3.1. Specified Purposes for Processing
  • We use your personal information to process your orders and payments for sarees and other clothing items.
  • To communicate with you about your orders, account, or inquiries, and to provide customer support.
  • To improve our website, products, and services based on your feedback and usage patterns.
  • To send you promotional offers, newsletters, and marketing communications, provided you have opted in to receive them.
3.2. Anonymization and Aggregation
  • We may aggregate and anonymize your information for statistical analysis, research, and other business purposes. Anonymized data cannot be used to personally identify you.

4. HOW WE SHARE AND RETAIN YOUR INFORMATION

4.1. Disclosure to Third Parties (Data Processors)
  • We disclose personal data to third-party companies that render services on our behalf (Data Processors), such as website hosting, payment processing, and order fulfilment.
  • We are required to enter into a contract (Data Processing Agreement) with all Data Processors, and we remain accountable for ensuring their compliance with the DPDP Act.
  • We mandate these Data Processors to uphold security measures equivalent to those we employ.
4.2. Disclosure to Group Entities and Business Transfers
  • We may disclose or transfer certain portions of your information to entities within the LUXLOOMS LIFESTYLEGroup (affiliates, subsidiaries, etc.), provided they are involved in the delivery of products/services.
  • Disclosure may occur in the event of a merger, acquisition, or sale of all or a portion of our business.
4.3. Cross-Border Transfer of Personal Data
  • Entities to which we transfer your personal data may be situated outside India.
  • By using our services, you provide your consent to such transfers, but we will adhere to any restrictions placed by the Central Government on transferring data to certain countries.
4.4. Storage Limitation and Retention
  • We shall cease to retain personal data as soon as it is reasonable to assume that the purpose for which it was collected is no longer being served.
  • For e-commerce entities, the DPDP Rules, 2025, suggest personal data should be deleted after a specific period (e.g., three years from the date the Data Principal last approached the Data Fiduciary), unless otherwise mandated by law. We will comply with the retention rules applicable to our size and category.
  • We will intimate the Data Principal at least 48 hours before deletion of their data due to inactivity (if applicable to our entity category).

5. DATA SECURITY AND BREACH NOTIFICATION

5.1. Security Safeguards (DPDP Requirement)
  • We take reasonable technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.
  • These safeguards include, but are not limited to, encryption, strict access controls, continuous logging and monitoring, and verified backup systems.
5.2. Personal Data Breach Notification
  • In the event of a personal data breach, we are obligated to inform the Data Protection Board of India and the affected Data Principal (you) without delay.
  • We must notify the Board within 72 hours of detection, providing comprehensive information about the incident and mitigation steps. We will promptly notify you via your registered communication channels.

6. DATA PRINCIPAL RIGHTS AND GRIEVANCE REDRESSAL

6.1. Rights of the Data Principal
  • As the Data Principal, you have the following rights under the DPDP Act:
  1. Right to Access: To obtain information about the personal data being processed and the summary of processing activities.
  2. Right to Correction and Erasure: To correct inaccurate, misleading, or incomplete personal data, and to request the erasure of your personal data.
  3. Right to Grievance Redressal: The availability of an easily accessible point of contact to address complaints.
  4. Right to Nomination: To nominate another individual to exercise these rights in the event of your death or incapacity.
6.2. Grievance Redressal Mechanism
  • We will publish procedures on our Website for Data Principals to exercise their rights.
  • We will inform you of the time-period within which our grievance redressal system addresses the grievances you raise.

7. PROCESSING OF CHILDREN'S DATA

7.1. Children's Privacy (Under 18)
  • A child is an individual who has not completed the age of eighteen (18) years.
  • Processing the personal data of a child requires verifiable parental or lawful guardian consent prior to collection.
  • We shall refrain from: * Undertaking any processing that is likely to have a detrimental effect on the well-being of a child. * Tracking, monitoring the behaviour of, or directing targeted advertisements at children.
  • If we are made aware that we have collected a child's personal data without verifiable consent, we will take steps to delete the information within a reasonable time.

CUSTOMER SUPPORT / GRIEVANCE REDRESSAL

You may direct any queries or concerns relating to the Terms of Use, policies, or product complaints to our customer support team. We will acknowledge the receipt of any consumer complaint within forty-eight hours and endeavour to redress the complaint within one month from the date of receipt.

Contact Details: